Libssh CVE-2018-10933 Scanners & Exploits Released - Apply Updates Now
Last week a vulnerability was disclosed regarding a ridiculously easy authentication bypass vulnerability in libssh. Since then, multiple tools and scripts have been released that allow attackers to remotely exploit this vulnerability in order to remotely execute commands on vulnerable devices. [...]
https://www.bleepingcomputer.com/news/security/libssh-cve-2018-10933-scanners-and-exploits-released-apply-updates-now/
Last week a vulnerability was disclosed regarding a ridiculously easy authentication bypass vulnerability in libssh. Since then, multiple tools and scripts have been released that allow attackers to remotely exploit this vulnerability in order to remotely execute commands on vulnerable devices. [...]
https://www.bleepingcomputer.com/news/security/libssh-cve-2018-10933-scanners-and-exploits-released-apply-updates-now/
BleepingComputer
Libssh CVE-2018-10933 Scanners & Exploits Released - Apply Updates Now
Last week a vulnerability was disclosed regarding a ridiculously easy authentication bypass vulnerability in libssh. Since then, multiple tools and scripts have been released that allow attackers to remotely exploit this vulnerability in order to remotelyβ¦
Windows 10 1809 Zip Extraction Bug Overwrites Files without Confirmation
A new bug has popped up in Windows 10 Build 1809 that does not display an overwrite prompt when extracting files from a Zip archive to a location where the same file exists. [...]
https://www.bleepingcomputer.com/news/security/windows-10-1809-zip-extraction-bug-overwrites-files-without-confirmation/
A new bug has popped up in Windows 10 Build 1809 that does not display an overwrite prompt when extracting files from a Zip archive to a location where the same file exists. [...]
https://www.bleepingcomputer.com/news/security/windows-10-1809-zip-extraction-bug-overwrites-files-without-confirmation/
BleepingComputer
Windows 10 1809 Zip Extraction Bug Overwrites Files without Confirmation
A new bug has popped up in Windows 10 Build 1809 that does not display an overwrite prompt when extracting files from a Zip archive to a location where the same file exists.
Phishing Report Shows Microsoft, Paypal, & Netflix as Top Targets
A new phishing report has been released that keeps track of the top 25 brands targeted by bad actors. Of these brands, Microsoft, Paypal, and Netflix are the top brands impersonated by phishing attacks. [...]
https://www.bleepingcomputer.com/news/security/phishing-report-shows-microsoft-paypal-and-netflix-as-top-targets/
A new phishing report has been released that keeps track of the top 25 brands targeted by bad actors. Of these brands, Microsoft, Paypal, and Netflix are the top brands impersonated by phishing attacks. [...]
https://www.bleepingcomputer.com/news/security/phishing-report-shows-microsoft-paypal-and-netflix-as-top-targets/
BleepingComputer
Phishing Report Shows Microsoft, Paypal, & Netflix as Top Targets
A new phishing report has been released that keeps track of the top 25 brands targeted by bad actors. Of these brands, Microsoft, Paypal, and Netflix are the top brands impersonated by phishing attacks.
Signal Desktop Leaves Message Decryption Key in Plain Sight
A mistake in the process used by the Signal Desktop application to encrypt locally stored messages leaves them wide open to an attacker. [...]
https://www.bleepingcomputer.com/news/security/signal-desktop-leaves-message-decryption-key-in-plain-sight/
A mistake in the process used by the Signal Desktop application to encrypt locally stored messages leaves them wide open to an attacker. [...]
https://www.bleepingcomputer.com/news/security/signal-desktop-leaves-message-decryption-key-in-plain-sight/
BleepingComputer
Signal Desktop Leaves Message Decryption Key in Plain Sight
A mistake in the process used by the Signal Desktop application to encrypt locally stored messages leaves them wide open to an attacker.
Skype Preview for Windows 10 is Getting Split View Mode
Microsoft is currently working hard to update the new modern Skype 8 with all necessary features as the company plans to end support for Skype Classic on November 1. Today, Microsoft announced that the Split View mode is now available in Skype preview for Windows 10. [...]
https://www.bleepingcomputer.com/news/microsoft/skype-preview-for-windows-10-is-getting-split-view-mode/
Microsoft is currently working hard to update the new modern Skype 8 with all necessary features as the company plans to end support for Skype Classic on November 1. Today, Microsoft announced that the Split View mode is now available in Skype preview for Windows 10. [...]
https://www.bleepingcomputer.com/news/microsoft/skype-preview-for-windows-10-is-getting-split-view-mode/
BleepingComputer
Skype Preview for Windows 10 is Getting Split View Mode
Microsoft is currently working hard to update the new modern Skype 8 with all necessary features as the company plans to end support for Skype Classic on November 1. Today, Microsoft announced that the Split View mode is now available in Skype preview forβ¦
Firefox Targeting Competing VPN Sites With ProtonVPN Offer in New Test
Mozilla has announced a study where Firefox will promote the ProtonVPN service as a new revenue source. BleepingComputer was able to gain access to the study's extension and it appears that the ProtonVPN will be recommended when visiting competing VPN providers, streaming services, or when connecting to insecure wireless gateways. [...]
https://www.bleepingcomputer.com/news/software/firefox-targeting-competing-vpn-sites-with-protonvpn-offer-in-new-test/
Mozilla has announced a study where Firefox will promote the ProtonVPN service as a new revenue source. BleepingComputer was able to gain access to the study's extension and it appears that the ProtonVPN will be recommended when visiting competing VPN providers, streaming services, or when connecting to insecure wireless gateways. [...]
https://www.bleepingcomputer.com/news/software/firefox-targeting-competing-vpn-sites-with-protonvpn-offer-in-new-test/
BleepingComputer
Firefox Targeting Competing VPN Sites With ProtonVPN Offer in New Test
Mozilla has announced a study where Firefox will promote the ProtonVPN service as a new revenue source. BleepingComputer was able to gain access to the study's extension and it appears that the ProtonVPN will be recommended when visiting competing VPN providersβ¦
Critical Infrastructure & Supply Chain Remain Highly Vulnerable to Attacks
Additionally, cybercriminals have been targeting the commercial sector with as much aggression and skill as their attacks against the government. Unfortunately, some attacks against the government. Unfortunately, some attacks against corporations have national security ramifications, a fact not yet fully realized by all businesses. [...]
https://www.bleepingcomputer.com/news/security/critical-infrastructure-and-supply-chain-remain-highly-vulnerable-to-attacks/
Additionally, cybercriminals have been targeting the commercial sector with as much aggression and skill as their attacks against the government. Unfortunately, some attacks against the government. Unfortunately, some attacks against corporations have national security ramifications, a fact not yet fully realized by all businesses. [...]
https://www.bleepingcomputer.com/news/security/critical-infrastructure-and-supply-chain-remain-highly-vulnerable-to-attacks/
BleepingComputer
Critical Infrastructure & Supply Chain Remain Highly Vulnerable to Attacks
Additionally, cybercriminals have been targeting the commercial sector with as much aggression and skill as their attacks against the government. Unfortunately, some attacks against the government. Unfortunately, some attacks against corporations have nationalβ¦
New Windows Zero-Day Bug Helps Delete Any File, Exploit Available
Proof-of-concept code for a new zero-day vulnerability in Windows has been released by a security researcher before Microsoft was able to release a fix. [...]
https://www.bleepingcomputer.com/news/security/new-windows-zero-day-bug-helps-delete-any-file-exploit-available/
Proof-of-concept code for a new zero-day vulnerability in Windows has been released by a security researcher before Microsoft was able to release a fix. [...]
https://www.bleepingcomputer.com/news/security/new-windows-zero-day-bug-helps-delete-any-file-exploit-available/
BleepingComputer
New Windows Zero-Day Bug Helps Delete Any File, Exploit Available
Proof-of-concept code for a new zero-day vulnerability in Windows has been released by a security researcher before Microsoft was able to release a fix.
Cathay Pacific Suffers Data Breach Impacting 9.4 Million Passengers
The Cathay Pacific airline announced today that a system containing passenger data for up to 9.4 million passengers was breached by attackers. [...]
https://www.bleepingcomputer.com/news/security/cathay-pacific-suffers-data-breach-impacting-94-million-passengers/
The Cathay Pacific airline announced today that a system containing passenger data for up to 9.4 million passengers was breached by attackers. [...]
https://www.bleepingcomputer.com/news/security/cathay-pacific-suffers-data-breach-impacting-94-million-passengers/
BleepingComputer
Cathay Pacific Suffers Data Breach Impacting 9.4 Million Passengers
The Cathay Pacific airline announced today that a system containing passenger data for up to 9.4 million passengers was breached by attackers.
Windows 10 Build 18267 Released With a New Enhanced Mode for Search Indexer
Microsoft has released the Windows 10 Insider Preview Build 18267 (19H1) to insiders in both the Fast and Skip Ahead rings. This build contains input and accessibility improvements. It also contains a new feature called "Enhanced Mode" for the Search Indexer. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-build-18267-released-with-a-new-enhanced-mode-for-search-indexer/
Microsoft has released the Windows 10 Insider Preview Build 18267 (19H1) to insiders in both the Fast and Skip Ahead rings. This build contains input and accessibility improvements. It also contains a new feature called "Enhanced Mode" for the Search Indexer. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-build-18267-released-with-a-new-enhanced-mode-for-search-indexer/
BleepingComputer
Windows 10 Build 18267 Released With a New Enhanced Mode for Search Indexer
Microsoft has released the Windows 10 Insider Preview Build 18267 (19H1) to insiders in both the Fast and Skip Ahead rings. This build contains input and accessibility improvements. It also contains a new feature called "Enhanced Mode" for the Search Indexer.
Unusual Remote Execution Bug in Cisco WebEx Discovered by Researchers
While remote code execution vulnerabilities are pretty common, a new one discovered in Cisco's WebEx online and video collaboration software is definitely different. That is because users can remotely execute commands through a component of the WebEx client even when WebEx does not listen for remote connections. [...]
https://www.bleepingcomputer.com/news/security/unusual-remote-execution-bug-in-cisco-webex-discovered-by-researchers/
While remote code execution vulnerabilities are pretty common, a new one discovered in Cisco's WebEx online and video collaboration software is definitely different. That is because users can remotely execute commands through a component of the WebEx client even when WebEx does not listen for remote connections. [...]
https://www.bleepingcomputer.com/news/security/unusual-remote-execution-bug-in-cisco-webex-discovered-by-researchers/
BleepingComputer
Unusual Remote Execution Bug in Cisco WebEx Discovered by Researchers
While remote code execution vulnerabilities are pretty common, a new one discovered in Cisco's WebEx online and video collaboration software is definitely different. That is because users can remotely execute commands through a component of the WebEx client evenβ¦
Free Decrypter Available for the Latest GandCrab ransomware Versions
A newly released decryption tool allows free recovery of files encrypted by certain versions of GandCrab, a ransomware family that affected hundreds of thousands of people since the beginning of the year. [...]
https://www.bleepingcomputer.com/news/security/free-decrypter-available-for-the-latest-gandcrab-ransomware-versions/
A newly released decryption tool allows free recovery of files encrypted by certain versions of GandCrab, a ransomware family that affected hundreds of thousands of people since the beginning of the year. [...]
https://www.bleepingcomputer.com/news/security/free-decrypter-available-for-the-latest-gandcrab-ransomware-versions/
BleepingComputer
Free Decrypter Available for the Latest GandCrab Ransomware Versions
A newly released decryption tool allows free recovery of files encrypted by certain versions of GandCrab, a ransomware family that affected hundreds of thousands of people since the beginning of the year.
Windows 10 KB4462933 Cumulative Update Released With Fixes and Improvements
Windows 10 Build 17134.376 is currently rolling out via Windows Update or you can download the patch directly from Microsoft's Update Catalog website. Windows 10 Build 17134.376 comes with a huge changelog and it includes several improvements that you may not notice. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4462933-cumulative-update-released-with-fixes-and-improvements/
Windows 10 Build 17134.376 is currently rolling out via Windows Update or you can download the patch directly from Microsoft's Update Catalog website. Windows 10 Build 17134.376 comes with a huge changelog and it includes several improvements that you may not notice. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4462933-cumulative-update-released-with-fixes-and-improvements/
BleepingComputer
Windows 10 KB4462933 Cumulative Update Released With Fixes and Improvements
Windows 10 Build 17134.376 is currently rolling out via Windows Update or you can download the patch directly from Microsoft's Update Catalog website. Windows 10 Build 17134.376 comes with a huge changelog and it includes several improvements that you mayβ¦
Malware Distributors Adopt DKIM to Bypass Mail Filters
A US-CERT alert provided recommendations on how businesses can mitigate their exposure to the Emotet Trojan. Unfortunately, it looks like criminals also reading the US-CERT's warnings as they have adopted new techniques to bypass these recommendations. [...]
https://www.bleepingcomputer.com/news/security/malware-distributors-adopt-dkim-to-bypass-mail-filters/
A US-CERT alert provided recommendations on how businesses can mitigate their exposure to the Emotet Trojan. Unfortunately, it looks like criminals also reading the US-CERT's warnings as they have adopted new techniques to bypass these recommendations. [...]
https://www.bleepingcomputer.com/news/security/malware-distributors-adopt-dkim-to-bypass-mail-filters/
BleepingComputer
Malware Distributors Adopt DKIM to Bypass Mail Filters
A US-CERT alert provided recommendations on how businesses can mitigate their exposure to the Emotet Trojan. Unfortunately, it looks like criminals also reading the US-CERT's warnings as they have adopted new techniques to bypass these recommendations.
Microsoft Acknowledges Zip File Overwrite Bug - Fix Coming in November
In a post to the Microsoft Answers forum, Microsoft has acknowledged the built-in zip bug and has stated that it will be fixed in an early November. This fix will most likely be pushed out via a cumulative update or via Microsoft's November Patch Tuesday updates. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-acknowledges-zip-file-overwrite-bug-fix-coming-in-november/
In a post to the Microsoft Answers forum, Microsoft has acknowledged the built-in zip bug and has stated that it will be fixed in an early November. This fix will most likely be pushed out via a cumulative update or via Microsoft's November Patch Tuesday updates. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-acknowledges-zip-file-overwrite-bug-fix-coming-in-november/
BleepingComputer
Microsoft Acknowledges Zip File Overwrite Bug - Fix Coming in November
In a post to the Microsoft Answers forum, Microsoft has acknowledged the built-in zip bug and has stated that it will be fixed in an early November. This fix will most likely be pushed out via a cumulative update or via Microsoft's November Patch Tuesdayβ¦
77K Additional Customers Affected by British Airways' MageCart Data Breach
While British Airways was investigating their September 2018 MageCart breach that at the time affected 380,000 customers, they have discovered that an additional 77,000 customers may have been affected. [...]
https://www.bleepingcomputer.com/news/security/77k-additional-customers-affected-by-british-airways-magecart-data-breach/
While British Airways was investigating their September 2018 MageCart breach that at the time affected 380,000 customers, they have discovered that an additional 77,000 customers may have been affected. [...]
https://www.bleepingcomputer.com/news/security/77k-additional-customers-affected-by-british-airways-magecart-data-breach/
BleepingComputer
77K Additional Customers Affected by British Airways' MageCart Data Breach
While British Airways was investigating their September 2018 MageCart breach that at the time affected 380,000 customers, they have discovered that an additional 77,000 customers may have been affected.
New FilesLocker Ransomware Offered as a Ransomware as a Service
A new ransomware called FilesLocker is being distributed as a Ransomware as a Service, or RaaS, that targets Chinese and English speaking victims. [...]
https://www.bleepingcomputer.com/news/security/new-fileslocker-ransomware-offered-as-a-ransomware-as-a-service/
A new ransomware called FilesLocker is being distributed as a Ransomware as a Service, or RaaS, that targets Chinese and English speaking victims. [...]
https://www.bleepingcomputer.com/news/security/new-fileslocker-ransomware-offered-as-a-ransomware-as-a-service/
BleepingComputer
New FilesLocker Ransomware Offered as a Ransomware as a Service
A new ransomware called FilesLocker is being distributed as a Ransomware as a Service, or RaaS, that targets Chinese and English speaking victims.
Mozilla Firefox 63 Released with Enhanced Tracking Protection and More
Mozilla Firefox 63 was released this week with a bunch of new features such as enhanced tracking protection, Search Shortcuts, Tab Previews, synchronized Windows 10 themes, and security updates. [...]
https://www.bleepingcomputer.com/news/software/mozilla-firefox-63-released-with-enhanced-tracking-protection-and-more/
Mozilla Firefox 63 was released this week with a bunch of new features such as enhanced tracking protection, Search Shortcuts, Tab Previews, synchronized Windows 10 themes, and security updates. [...]
https://www.bleepingcomputer.com/news/software/mozilla-firefox-63-released-with-enhanced-tracking-protection-and-more/
BleepingComputer
Mozilla Firefox 63 Released with Enhanced Tracking Protection and More
Mozilla Firefox 63 was released this week with a bunch of new features such as enhanced tracking protection, Search Shortcuts, Tab Previews, synchronized Windows 10 themes, and security updates.
New DemonBot Botnet Pulls the YARN in Hadoop Servers
Attackers looking to increase the denial-service-power of their botnet have set their sights on servers with vulnerable Hadoop installations, compromising them via publicly available exploits. [...]
https://www.bleepingcomputer.com/news/security/new-demonbot-botnet-pulls-the-yarn-in-hadoop-servers/
Attackers looking to increase the denial-service-power of their botnet have set their sights on servers with vulnerable Hadoop installations, compromising them via publicly available exploits. [...]
https://www.bleepingcomputer.com/news/security/new-demonbot-botnet-pulls-the-yarn-in-hadoop-servers/
BleepingComputer
New DemonBot Botnet Pulls the YARN in Hadoop Servers
Attackers looking to increase the denial-service-power of their botnet have set their sights on servers with vulnerable Hadoop installations, compromising them via publicly available exploits.
The Few Privileged North Koreans Are Savvy Scammers
Despite North Korea's isolation from the rest of the world, the country's ruling elite use the internet to escape economic sanctions and to find and tackle new money-making opportunities, legal or not. [...]
https://www.bleepingcomputer.com/news/cryptocurrency/the-few-privileged-north-koreans-are-savvy-scammers/
Despite North Korea's isolation from the rest of the world, the country's ruling elite use the internet to escape economic sanctions and to find and tackle new money-making opportunities, legal or not. [...]
https://www.bleepingcomputer.com/news/cryptocurrency/the-few-privileged-north-koreans-are-savvy-scammers/
BleepingComputer
The Few Privileged North Koreans Are Savvy Scammers
Despite North Korea's isolation from the rest of the world, the country's ruling elite use the internet to escape economic sanctions and to find and tackle new money-making opportunities, legal or not.
Trivial Bug in X..Org Gives Root Permission on Linux and BSD Systems
A vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using X.Org server, the open source implementation of the X Window System that offers the graphical environment. [...]
https://www.bleepingcomputer.com/news/security/trivial-bug-in-xorg-gives-root-permission-on-linux-and-bsd-systems/
A vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using X.Org server, the open source implementation of the X Window System that offers the graphical environment. [...]
https://www.bleepingcomputer.com/news/security/trivial-bug-in-xorg-gives-root-permission-on-linux-and-bsd-systems/
BleepingComputer
Trivial Bug in X.Org Gives Root Permission on Linux and BSD Systems
A vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using X.Org server, the open source implementation of the X Window System that offers the graphical environment.